Closed Yannik closed 8 years ago

Hi,

Would it be possible to have the agent only confirm the key usage (ssh-add '-c' option) when it has been forwarded using agent forwarding? This would allow using the keys on the local host without jumping through additional hoops, but compromised remote hosts wouldn't be able to abuse forwarded agents.

I don't know of any way to get ssh-agent to ask for confirmation only when the request comes from a remote host / forwarded ssh-agent connection / after the agent connection was forwarded - sorry.

I agree it would be a great feature to have, but I'm not sure we can do anything on the ssh-ident side. E.g., we can control whether to forward an agent connection or not, but once forwarded, I can't think of any way we could force -c to be added, short of removing the key and re-adding it, which would require either asking for the passphrase again (defeating the convenience) or storing the passphrase or the cleartext key in ssh-ident (which imho are non-starters, and a whole can of worms).

If you have any suggestions on how we could implement this, please re-open the bug. In the meantime, given there's nothing we can do here, I'm closing it.

@ccontavalli From my understanding of openssh, the remote server is directly communicating with the local ssh-agent (which is forwarded to the remote server). Therefore, it does require changes to openssh to enable the ssh-agent to differentiate between requests from a local ssh process and requests from an ssh process on a remote server (via ssh-agent forwarding).

As the current situation of a) not requiring confirmation but opening yourself to a huge potential security issue, or b) always requiring confirmation, which can be a big hassle, is really unsatisfying, I wrote a few modifications to openssh, which you can find at https://github.com/Yannik/openssh-always-confirm-forwards

It is a really dirty solution (I have little experience in C), but it does serve the purpose well enough for me right now.

https://github.com/tiwe-de/ssh-agent-filter provides a way to do this using a filtering proxy in front of the ssh-agent.
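The filtering-proxy idea raised in this thread (confirm or refuse agent operations only for forwarded sessions, while local ssh keeps talking to the real agent) can be shown in miniature. The Python below is an added example, not code from ssh-ident, ssh-agent-filter or OpenSSH: it speaks the agent's length-prefixed wire format, forwards REQUEST_IDENTITIES and SIGN_REQUEST only for an allow-listed key, runs a confirm() callback before every signature, and answers everything else (adding or removing keys, locking, extensions) with SSH_AGENT_FAILURE. The message numbers are the protocol's; the class, function and parameter names, the confirm() hook, and the key blobs, comments and HMAC "signatures" in DEMO_KEYS are this example's own constructed stand-ins.

```python
import hashlib, hmac, os, socket, struct

# Message numbers from the SSH agent protocol (draft-miller-ssh-agent).
SSH_AGENT_FAILURE = 5
SSH_AGENTC_REQUEST_IDENTITIES = 11
SSH_AGENT_IDENTITIES_ANSWER = 12
SSH_AGENTC_SIGN_REQUEST = 13
SSH_AGENT_SIGN_RESPONSE = 14
SSH_AGENTC_ADD_IDENTITY = 17

def put_string(b):                        # SSH "string": uint32 length + bytes
    return struct.pack(">I", len(b)) + b

def get_string(buf, off):                 # -> (bytes, offset after the string)
    (n,) = struct.unpack_from(">I", buf, off)
    return buf[off + 4:off + 4 + n], off + 4 + n

def read_frame(f):                        # one length-prefixed agent message, b"" at EOF
    head = f.read(4)
    return f.read(struct.unpack(">I", head)[0]) if len(head) == 4 else b""

def parse_identities_answer(body):        # -> [(key_blob, comment), ...]
    (count,) = struct.unpack_from(">I", body, 1)
    off, keys = 5, []
    for _ in range(count):
        blob, off = get_string(body, off)
        comment, off = get_string(body, off)
        keys.append((blob, comment))
    return keys

def build_identities_answer(keys):
    head = bytes([SSH_AGENT_IDENTITIES_ANSWER]) + struct.pack(">I", len(keys))
    return head + b"".join(put_string(b) + put_string(c) for b, c in keys)

def parse_sign_request(body):             # -> (key_blob, data, flags)
    blob, off = get_string(body, 1)
    data, off = get_string(body, off)
    return blob, data, struct.unpack_from(">I", body, off)[0]

class FilteringAgent:
    """Policy in front of the real agent: allow-listed keys only, confirm() per signature, default deny."""
    def __init__(self, upstream, allowed_blobs, confirm):
        self.upstream = upstream          # callable: request body -> response body
        self.allowed = set(allowed_blobs)
        self.confirm = confirm            # callable: (key_blob, data) -> bool

    def handle(self, req):
        if req and req[0] == SSH_AGENTC_REQUEST_IDENTITIES:
            answer = self.upstream(req)
            if answer[:1] != bytes([SSH_AGENT_IDENTITIES_ANSWER]):
                return answer
            keys = [k for k in parse_identities_answer(answer) if k[0] in self.allowed]
            return build_identities_answer(keys)   # hide keys the remote may not use
        if req and req[0] == SSH_AGENTC_SIGN_REQUEST:
            blob, data, _flags = parse_sign_request(req)
            if blob in self.allowed and self.confirm(blob, data):
                return self.upstream(req)
        return bytes([SSH_AGENT_FAILURE])  # default deny: add/remove/lock/extensions

def socket_upstream(path):                # adapter for a real agent socket (SSH_AUTH_SOCK)
    def call(req):
        with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
            s.connect(path)
            s.sendall(put_string(req))
            return read_frame(s.makefile("rb"))
    return call

def serve(listen_path, agent):            # expose the filter on its own Unix socket
    if os.path.exists(listen_path):
        os.unlink(listen_path)
    os.umask(0o077)                       # the socket must be reachable by this user only
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as srv:
        srv.bind(listen_path)
        srv.listen()
        while True:
            conn, _ = srv.accept()
            with conn, conn.makefile("rb") as f:
                while req := read_frame(f):
                    conn.sendall(put_string(agent.handle(req)))

# Constructed stand-in for ssh-agent so the policy runs offline; HMAC is not a real SSH signature.
DEMO_KEYS = [(b"blob-work", b"work@laptop", b"secret-work"),
             (b"blob-personal", b"personal@laptop", b"secret-personal")]

def fake_upstream(req):
    if req[0] == SSH_AGENTC_REQUEST_IDENTITIES:
        return build_identities_answer([(b, c) for b, c, _ in DEMO_KEYS])
    if req[0] == SSH_AGENTC_SIGN_REQUEST:
        blob, data, _ = parse_sign_request(req)
        for b, _c, secret in DEMO_KEYS:
            if b == blob:
                sig = hmac.new(secret, data, hashlib.sha256).digest()
                return bytes([SSH_AGENT_SIGN_RESPONSE]) + put_string(sig)
    return bytes([SSH_AGENT_FAILURE])

def sign_request(blob, data=b"session-challenge"):
    return bytes([SSH_AGENTC_SIGN_REQUEST]) + put_string(blob) + put_string(data) + struct.pack(">I", 0)

def demo(confirm=lambda blob, data: True):
    """Send each request kind through the filter; returns what a forwarded client would get."""
    agent = FilteringAgent(fake_upstream, [b"blob-work"], confirm)
    listed = parse_identities_answer(agent.handle(bytes([SSH_AGENTC_REQUEST_IDENTITIES])))
    return {"listed": [c for _b, c in listed],
            "sign_allowed": agent.handle(sign_request(b"blob-work"))[0],
            "sign_hidden": agent.handle(sign_request(b"blob-personal"))[0],
            "add_key": agent.handle(bytes([SSH_AGENTC_ADD_IDENTITY]))[0]}
```

To get the split the issue asks for, leave SSH_AUTH_SOCK pointing at the real agent for local use and give only forwarded sessions the proxy's socket: run `serve("/path/to/proxy.sock", FilteringAgent(socket_upstream(os.environ["SSH_AUTH_SOCK"]), [blob], confirm))` in its own process, then `ssh -o ForwardAgent=/path/to/proxy.sock host` (OpenSSH 8.2 and later accept a socket path for ForwardAgent; older clients need SSH_AUTH_SOCK set to the proxy path before `ssh -A`). Because the forwarded socket is the proxy, every request arriving at it is by definition from a remote session, which sidesteps the "the agent cannot tell local from forwarded" problem discussed above. The allow-list entries are the public key wire blobs (the base64 field of `ssh-add -L`, decoded); confirm() is whatever prompt you plug in, e.g. a terminal or askpass-style dialog.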